[using salt --version: 2015.5.0] I want to add a rule that allows ALL TRAFFIC from another security group
I have this in my pillar:
securitygroups:
groups:
- name: NFS
region: us-east-1
vpc_id: vpc-1234
description: desc
rules:
- ip_protocol: -1
from_port: -1
to_port: -1
ec2_group: sg123456
API suggests to use -1 to specify all IpProtcol. But I'm getting this error:
----------
ID: secgroups_NFSecurityGroup
Function: boto_secgroup.present
Name: NFSecurityGroup
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1563, in call
**cdata['kwargs'])
File "/usr/lib/python2.6/site-packages/salt/states/boto_secgroup.py", line 140, in present
_ret = _rules_present(name, rules, vpc_id, region, key, keyid, profile)
File "/usr/lib/python2.6/site-packages/salt/states/boto_secgroup.py", line 345, in _rules_present
to_delete, to_create = _get_rule_changes(rules, sg['rules'])
File "/usr/lib/python2.6/site-packages/salt/states/boto_secgroup.py", line 265, in _get_rule_changes
raise SaltInvocationError(msg.format(ip_protocol))
SaltInvocationError: Invalid ip_protocol traffic specified in security group rule.
Started: 03:09:58.163808
Duration: 235.323 ms
from_port: -1 and to_port: -1 works fine if I specify an ip_protocol: icmp|tcp|udp
Aucun commentaire:
Enregistrer un commentaire